Security Risks Grow With 5G

Explosion of data in motion raises serious challenges for chipmakers.


5G mobile phones can download a movie in seconds rather than minutes, but whether that can be done securely remains to be seen.

What is clear from technology providers, though, is they are taking security very seriously with this new wireless technology. More data is in motion, and the value of that data is growing as users rely on mobile devices for everything from banking to automotive safety and robotics.

Each generation of cellular technology is more secure than its predecessor, and 5G introduces zero-trust security that aligns with the National Institute of Standards and Technology’s (NIST) seven tenets of a zero-trust architecture. Secure authentication and authorization for user equipment and network functions is one outcome of incorporating zero-trust architecture. Others include stronger confidentiality and integrity protection of control and user plane traffic, and more secure roaming. 5G also introduces new ways to enhance security for enterprises, critical infrastructure, and government agencies. For example, 5G features include Non-Public Networks (NPNs) and network slicing with slice-specific mutual authentication of devices.

However, 5G also introduces new risks and a greatly expanded attack surface. That surface is populated with a massive number of IoT devices, cloud-based deployments, and third-party applications. Device endpoints, including smart sensors, consisting of software, hardware, and 5G silicon are all potential attack targets.

When an attack does occur, the impact could be immediate, or it could be a delayed time bomb. In either case, malware can take control of the target by altering the software/firmware content inside a chip or application software. This includes injection of new code, erasing existing program code, or staying dormant until some later date. When an unprotected or compromised system reboots, the infected software takes over, making it critical to secure or harden bootable hardware as much as possible.

“5G technology involves deploying network elements in a shared-resource cloud environment,” said Bryan Larish, Verizon’s chief security architect for networks. “Cyberattacks, including using automated botnets, are on the rise. As a mobile network operator, we want to protect our network as well as our customers. I can’t emphasize enough the importance of following all the security basics, including designing the systems, network, or devices using principles similar to the ones we’ve used to secure our 5G network. This will minimize cybersecurity incidents. We have built a compartmentalized architecture. By using this structure, if one area is breached, it can be shut down or contained quickly to prevent the rest of the network from being compromised.”

Increasingly, the focus is shifting from relying on a bulletproof device or network — a persistent goal — to ensuring that a device or system can recover. The key concept here is resilience across a system, and systems of systems, and it’s being addressed in conferences and conference rooms across the industry.

“To fully realize the vision of 5G, strong security must be provided throughout the system — from the cloud through network and edge to the device,” said Steve Hanna, distinguished engineer at Infineon Technologies. “All of these components must remain secure and reliable despite increasingly sophisticated attacks. Data must be encrypted, components must be authenticated, and integrity of systems must be verified. Silicon security provides a solid foundation for these security measures, offering resistance against attacks on software.”

What can go wrong?
No new technology is perfect, as evidenced by the number of security-related over-the-air software updates. And no vendor or organization can predict all possible vulnerabilities up front.

“It’s important to understand vulnerabilities and their relation to hardware and software bugs,” said John Hallman, product manager for trust and security at OneSpin Solutions, a Siemens Business. “Once a hacker discovers these weak points in the hardware, software, or systems, they can be leveraged to become a beachhead for hackers to launch an attack. That is why you want to harden your chips to minimize cyber risk. You also want to take the layered approach in your design so that one single attack will not compromise your entire network. The tasks of cybersecurity are never done. You need to hunt for suspicious malware, update, and verify your system on an ongoing basis.”

To make matters worse, hackers are rapidly becoming more sophisticated. With enough resources and time, it’s possible to hack into anything. But it’s no longer just governments or government-sponsored groups that are doing the hacking. Criminal organizations are becoming much more tech savvy as the value of data continues to rise. The recent spate of ransomware attacks is a case in point.

5G adds better data protection over 4G. Until 4G, only one authentication method (as defined in 3GPP) was supported for user equipment to access the network

5G user-plane integrity protection has been added for all user data traffic on top of encryption. Still, this may not be sufficient for very diverse deployment scenarios of 5G, such as for some IoT implementations, factories, enterprises, governments, and so on. To address these limitations, and to further enhance flexibility, 5G adopted the Extensible Authentication Protocol (EAP), a standard developed by the Internet Engineering Task Force (IETF) to support various authentication methods. 5G also introduced unified access to 3GPP systems and services via 3GPP radio access technology (RAT) and other RATs (e.g. Wi-Fi).

In addition to primary authentication for the network access, 5G supports service level authentication and authorization. For example, Network Slice-Specific Authentication and Authorization (NSSAA) and secondary authentication and authorization for data network access are supported. Network slicing involves slicing the physical network infrastructure into multiple virtual networks. For each slice, access is granted via separate authentication and authorization for better security and isolation from other network slices.

5G security also encompasses various new verticals. These include security for Ultra-Reliable and Low-Latency Communication (URLLC), Industrial IoT, Non-Public Networks (NPNs), automotive V2X, edge computing, Uncrewed Aerial Systems (UAS), Integrated Access and Backhaul (IAB), Proximity Services (ProSe), and Multicast and Broadcast Systems (MBS).

Defensive strategies
The basic defense strategies for 5G include deploying the best security technologies, developing a defense process, and having trained staff and/or employees who know exactly what to do when an attack occurs. But it’s important to recognize that no single approach solves everything.

“5G is the first cellular technology designed for the cloud,” said Scott Poretsky, director of security for Ericsson North America’s Network Product Solutions. “Cloud-based deployments of 5G Radio Access Network (RAN) and Core can provide inherent security advantages such as isolation and geographical redundancy. However, the cloud also introduces new security risks that must be considered. The mitigation of these risks can be addressed with a combination of people, processes, and technology to ensure implementations are secure, trusted, and robust. Recommendations for security controls in cloud deployments include best practices for secure software development and lifecycle management, a zero-trust architecture, micro-segmentation, data theft and privacy protection, third-party hardware security, and user plane security.”

Adding programmable logic into designs also provides flexibility to deal with attacks.

“One of the primary threats is malicious code insertion that can cause embedded processors to behave in unintended ways, or to disrupt communications,” said Andy Jaros, vice president of IP sales and marketing at Flex Logix. “A proven technique is to use FPGAs as the root of trust to verify CPU boot code images prior to system booting. This technique ensures that CPU and BIOS are programmed with authenticated boot code. It also makes it possible to monitor system activity for any unintended operation. FPGAs have been used because the system security requirements continue to change, while cybersecurity threats continue to evolve.”

Programmability also increases the ability of systems to adapt to threats throughout their lifetimes, which in the case of automotive or industrial applications can be a decade or more. In addition, NIST encryption standards are constantly being upgraded, and FPGAs can be reprogrammed in the field with update algorithms.

“With the advent of embedded FPGA IP that is as area-efficient as FPGAs, this capability can now be integrated on chip to ASICs and ASSPs, saving power and costs. System upgradability is provided without having to make a new chip,” Jaros said. “Protecting carrier IP, such as proprietary hashing and beam forming algorithms, is also extremely important. By programming these proprietary algorithms post-silicon manufacturing or even post-system installation, proprietary carrier circuits and accelerators are not exposed during the manufacturing supply chain and remain secret to the carrier.”

But at the most advanced nodes, which is where many 5G chips are being developed, designs also are getting much more complex. While programmability can help in some respects, the sheer volume and complexity adds a lot of corners and unknowns into the chips, making it harder to make these chips work in the first place, let alone secure them.

“FPGAs and ASICs are getting bigger and more complex,” said Nick Ni, director of product marketing for AI and software at Xilinx. “This is great news for developers, and with hundreds of billion transistors in today’s 7nm technology, we’re seeing about 38% CAGR in terms of transistor increases. This means you have more innovation they can do on the chips, and with chips for AI and 5G, you can put in a lot more logic. But when it comes to the tradeoffs, your design complexity increases, your compile time increases, and it’s more and more difficult now to hit the clock speed or QoR that you need.”

Growing complexity
One of the challenges with 5G is that it involves many stakeholders, not just the chipmakers. Those include infrastructure equipment manufacturers, mobile network operators (Verizon, AT&T, T-Mobile just in the U.S., with many more internationally), as well as public and private cloud operators (Amazon, Microsoft, Google, Baidu, Alibaba), a variety of mobile devices (PCs, mobile phones, cars, robots), smart device manufacturers (smart home devices supporting Z-Wave, Zigbee, Wi-SUN, and more) networking devices (Internet hubs, repeaters, gateways,) 3GPP, and government agencies such as the FCC.

Hackers are constantly looking for opportunities to attack this 5G “food chain,” and this is reflected in the rising number and frequency of cyberattacks. Ransomware and DDoS are among the common types of cyberattacks, and these attacks show no signs of slowing down. With its high-speed, high-bandwidth network capability for real-time IIoT and M2M connections 5G offers benefits, but also makes a large target for hackers. Cyberattacks not only cause disruptions, but have a direct impact on costs. They include the loss of business and customer trust, higher cyber insurance fees, and public relations nightmares.

“Security has always been an important consideration for 3GPP cellular networking standards, and that continues to be the case with its 5G standards, starting with Release 15,” said Soo Bum Lee, principal engineer at Qualcomm. “The 3GPP ecosystem of network operators, service providers, and device manufacturers should implement the rich set of security provisions in the 5G standard. Network operators should authenticate and authorize devices and secure their traffic. Infrastructure vendors and device manufacturers should ensure features are not only implemented as per the standard, but also activated in consistency with the network operator’s security policies. Device manufacturers should incorporate additional platform security features including, but not limited to, secure boot, secure firmware update, and device attestation based on a hardware root of trust. Finally, all the stakeholders should participate in collaborative efforts to address potential issues promptly through well-defined procedures and programs, e.g., the GSMA’s coordinated vulnerability disclosure (CVD) program.”

5G’s growth projection
In spite of growing security threats, it’s unlikely that the 5G market will be affected. Low latency and high bandwidth are essential for fully autonomous cars and robots that can perform precision surgery as if a surgeon is right in the room rather than steering the operation from miles away.

“Many mission-critical applications including some for telemedicine/surgery, automotive, and traffic management require real-time response without delays,” said Frank Schirrmeister, senior group director for Solutions & Ecosystem at Cadence. “An error caused by delays can be costly and even be fatal. 5G offers not only high-speed but low latency as well. Without low latency, it would be the equivalent of a vehicle trying to get on a high-speed freeway at full speed but failing to do so because of traffic congestion.”

Market analyses support those conclusions. “5G is the fastest-growing generation of wireless cellular technology, having reached 429 million connections globally in Q2 of 2021,” said Viet Nguyen, director of public relations and technology at 5G Americas. “It took just seven quarters to reach a quarter billion people, something which took 4G LTE 19 quarters to achieve. 5G’s capabilities include data rates that are up to 100 times faster than 4G LTE, with network latencies below 10 milliseconds, and the ability to manage up to one million mobile devices per square kilometer.

Market research firm IoT Analytics forecast that more than 27 billion IoT devices will be connected by 2025. Cellular IoT has already passed the two billion mark. And a video from 5G Americas shows the vision of 5G that will enable digital transformation by connecting billions of IoT devices. It will be possible to get information in real time and automate intelligent decisions in every industry.

The IoT will continue to grow as 5G enables many different applications in many different segments. Among them:

  • Autonomous driving and V2X applications using artificial intelligence
  • Virtual reality, augmented reality, and mixed reality
  • Telemedicine and remote surgery
  • Connecting smart cities
  • Smart manufacturing and Industry 4.0
  • Telehealth, connected medical devices
  • Enable millions of IIoT (industrial IoT or machine-to-machine) connections on a single network
  • Energy and utility management
  • Supply chain and logistics management
  • Smart transportation
  • High-speed blockchains

5G can achieve a theoretical download speed of 20 Gbps with latency of 1 milliseconds (ms). In reality, however, a practical goal is to achieve a latency of 10 ms or less. It is extremely difficult to get down to even 4 ms. Compared with 4G’s download speed, 5G will be up to 20 times faster. Additionally, it will be able to support a massive number of IoT and IIoT deployments.

Fig. 1: Current download speeds. Source: Opensignal
Fig. 1: Current download speeds. Source: Opensignal

Still, one of the biggest challenges in establishing any international standard is interoperability. Getting corporations in countries to cooperate is not an easy task. The 5G standard is a work in progress. New features and specifications are being added on an ongoing basis as 3GPP releases, and security updates will be required throughout 5G’s lifetime.

Over time, 5G technology will reach the top speed of 20 Gbps. That means even more data will be in motion, and potentially susceptible to attacks. And given the complexity of 5G networks and the number of players involved, building in robust security will be a continuous process rather than something that can be permanently addressed in the design and manufacturing stages.

Finally, these two documents from the EU (February 2021) and 5G Americas (July 2020) may be helpful design guides.

Leave a Reply

(Note: This name will be displayed publicly)